The Apache server power commander part 1
By Dirk Brockhausen

You may have encountered the name "mod_rewrite" before when surfing the web. For all of our readers who are not intimately familiar with this nifty Apache Web
Server module - and, of course, for those who don't know it all - we are presenting this small introductory tutorial as a multipart serial.

Module mod_rewrite is a package of program routines which can be added to the Apache Web Server. (Note that it will not run under other web servers!)

Its primary function is the manipulation of URLs. The module is very versatile as we are going to illustrate here with a number of real world examples.

However, be very careful and meticulous when working with it! Some mistakes you might be liable to make could generate a logical loop, causing a never-ceasing
100% CPU load.

To steer clear from this, we will start off with some very simple examples.

Before we can get going, however, you will have to check whether the module is installed on your web server at all.

There are several ways to go about this:

1. Ask your system administrator - provided he or she knows. They really should, but unfortunately some plain do not ...
Take care, though: if you are sharing your host server with hundreds of other domains, your inquiry might rouse some sleeping dogs, as usage of mod_rewrite will always entail some increased CPU load.

2. Check your Apache configuration file if you can access it. One possible standard path might be: /etc/httpd/httpd.conf However, your mileage may obviously vary.

3. Check it out with one of the following examples. If it works fine, mod_rewrite is indeed installed on your system. If it isn't, you will get the following message when calling any web page of your choice: "Internal Server Error"

Also, you will see this entry in file "error.log": "Invalid command 'RewriteEngine', perhaps mis-spelled or defined by a module not included in the server configuration."

If your site generates heavy traffic, this method is not recommended, as every visitor will receive this very same error message during your test.

So now let's dig into our first practical example!

We will assume that you will be using mod_rewrite only for your own web site, i.e. not as a generalized cross server setup.

To effect this, some entries in file .htaccess are required.

The .htaccess File
For this technique to work, you will need to upload a file named ".htaccess" (please note the period/dot at the beginning of the file name!) to your server
directory. This can be done via telnet or ftp. (Warning! .htaccess should only be uploaded in "ASCII mode", i.e. not in binary mode!)

If you already have a ".htaccess" file, for example one with the following entries:

Options Includes +ExecCGI AddType text/x-server-parsed-html .html

simply add our code sample to it.

IMPORTANT!

ADJUSTMENTS IN FILE ".htaccess": please edit in ASCII or plain text editor like Notepad etc.

The first two entries will start the module:

RewriteEngine on
Options +FollowSymlinks

Tip: Entry "RewriteEngine off" will override all subsequent commands. This is a very useful feature: instead of having to comment out all subsequent lines, all you need to do is set an "off".

If your system administrator does not allow for implementation of "Options +FollowSymlinks", you will not be able to restrict usage of mod_rewrite to
your directories but will instead have to apply it server wide.

The next required entry is this:

RewriteBase /

"/" stands for the base URL. Should you have another one, you will want to include it. However, "/" is normally the entry for "http://www.YourDomain.com".

And now to the entries proper!

Let us assume that you want to block unauthorized access to your file .htaccess. On some servers you can easily read this file simply by entering a URL of the following format in your browser's address field: http://www.domain.com/.htaccess - a serious
security gap, as your .htaccess file's contents may reveal more about your site's setup to the educated eye than you may want others to know.

To block this access, enter the following:

RewriteRule ^\.htaccess$ - [F]

This rule translates to:

If someone tries to access file .htaccess, system shall generate error code "HTTP response of 403".

The file name ^\.htaccess$ is contained in a regular expression, to wit:

^ Start of line anchor
$ End of line anchor
\. In regular expressions the dot "." denotes a
meta character and must be protected by a backslash (\) if you want an actual dot (period) instead.

The file name must be located exactly between start and end of line anchor. This will ensure that only this specific file name and no other will generate the error code.

[F] : special flag "forbidden".

In this example, the complete ".htaccess" file will now consist of these lines:

RewriteEngine on
Options +FollowSymlinks
RewriteBase /
RewriteRule ^\.htaccess$ - [F]

If we add our code to a pre-existing ".htaccess" file, we might, for example, get the following entries:

Options Includes +ExecCGI
AddType text/x-server-parsed-html .html
RewriteEngine on
Options +FollowSymlinks
RewriteBase /
RewriteRule ^\.htaccess$ - [F]

This introduction covers the basics required to operate with mod_rewrite.

In the second part of this tutorial we will explain the use of conditions in configuring the module.

You may check up general documentation here:
--------------------------------------------
Module mod_rewrite URL Rewriting Engine:
http://www.apache.org/docs/mod/mod_rewrite.html

A Users Guide to URL Rewriting with the
Apache Webserver:
http://www.engelschall.com/pw/apache/rewriteguide/

Continue with this tutorial >>>

More Web Development Articles
More By Developer Shed

developerWorks - FREE Tools!

Be the first to hear about i5/OS V6R1! Hold your calendar on January 30, 2008 for this free webcast on the new i5/OS. Rational's Enterprise Modernization products will be discussed at this webcast as they help to drive the application development environment for this new System i OS. <br />And learn how i5/OS will take you to the next step of efficient, resilient business processing. You will hear about the new i5/OS capabilities as it will be the most significant i5/OS release in years. If you cannot join the webcast on 1/30/08 you can still use this link to listen to the replay.<br /> FREE! Go There Now!

NEW! IBM – Taking Web 2.0 to Work David Barnes, Lead Evangelist for IBM Emerging Internet Technologies will discuss aspects of Web 2.0 that bring value to corporations, academia, and government. He'll also discuss IBM's vision around Web 2.0, including the importance of remixability and consumability. The discussion will culminate with examples of various IBM Software Group solutions you can use to get ahead of the Web 2.0 adoption curve. FREE! Go There Now!

NEW! Addressing software-as-a-service challenges using Tivoli security and WebSphere solutions Building a software-as-a-service solution requires addressing a few key technical challenges. In this webcast, we'll focus on the role of IBM Tivoli Directory Server and WebSphere Portlet Factory in creating a Software as a Service solution. We will demonstrate how to use Tivoli Directory Server to prevent the user population of one tenant from accessing the virtual portal and portlet components of another tenant. We will also use the dynamic profile capability of WebSphere Portlet Factory to create multiple highly customized applications from one code base. FREE! Go There Now!

NEW! Evaluate Rational Business Developer V7.1 Visit IBM developerWorks to download a free trial version of IBM Rational Business Developer V7.1. Rational Business Developer offers rapid and simplified development of business applications and services through Enterprise Generation Language (EGL) tools, generating Java or mainframe solutions while shielding developers from technical complexities. FREE! Go There Now!

NEW! Improve your build process with IBM Rational Build Forge, Part 1: Create a continuous build and integration environment Learn how to implement a build management system that uses and extends your existing automation technologies. This tutorial shows, step-by-step, how to install and configure IBM Rational Build Forge to manage builds for Jakarta Tomcat from source code. FREE! Go There Now!

NEW! Info 2.0: Harnessing the power of Web 2.0 and Enterprise Mashups Listen to this webcast to get an overview of Info 2.0 and a technical demo of how to quickly build an enterprise mashup. IBM's Info 2.0 technology leverages emerging Web 2.0 technologies such as mashups, feeds, AJAX, and JSON in order to simplify assembly of information using feeds and services. Come learn about the technical elements of Info 2.0 including the Feed Generation framework, Mashup Engine, and mashup assembly components. Learn how to pull information from databases, departmental information, and the Web to create mashups critical to your company’s success. We will also discuss best practices to help you get started. FREE! Go There Now!

NEW! Rational Talks to You: Scott Ambler on being agile in a global development environment Join this Rational Talks to You teleconference on December 6 at 1:00 pm ET to participate in an agile application development discussion and get your questions answered on using IBM Rational Method Composer in a distributed environment.Get your questions answered! FREE! Go There Now!

NEW! Section 508 of the U.S. Rehabilitation Act: Web accessibility compliance Because access to government information continues to be an area of concern for many U.S. citizens with disabilities, the U.S. government enacted Section 508 of the Rehabilitation Act in 2001 to ensure that government agencies create accessible Web content, enabling all citizens to access the information they need. A fully accessible Web site makes Web content accessible to all individuals, including those with disabilities, who may be accessing Web content via a variety of user agents. Common user agents include standard Web browsers, text-only browsers, assistive devices and mobile devices such as cell phones or personal digital assistants (PDAs). FREE! Go There Now!

NEW! Trial download: IBM Rational Method Composer V7.2 Get a free trial download of the latest version of IBM Rational Method Composer V7.2 which helps you deliver customized yet consistent process guidance to your project teams and IT organization, and includes the latest version of IBM Rational Unified Process (RUP), which has provided process guidance to teams since 1996. FREE! Go There Now!

NEW! Webcast: What is new in Viper 2 for developers? Viper 2 brings a great value to developer communities including SQL, XML, PHP, Ruby, .NET and Java. You probably already know that DB2 Express-C is free for developers to develop, deploy and distribute. Viper 2 provides a variety of means that help move your application from the development stage to deployment more rapidly. This webcast shows how to best utilize the latest tools available for developing DB2 applications. FREE! Go There Now!

All FREE IBM® developerWorks Tools!